IT Security & Privacy

Over the course of the last year, the France’s data protection authority, the Commission nationale de l'informatique et des libertés (CNIL), issued 259 decisions, ranging from sanctions and compliance orders to reminders of legal obligations and warnings. Together, those actions translated into €486,839,500 in cumulative fines, or roughly $530 million, with cookies, employee monitoring, and data security emerging as the most common fault lines.

Australia’s Federal Court has ordered FIIG Securities Limited to pay $1.77 million USD (AUD 2.5 million) after regulators found the fixed-income specialist failed for years to adequately protect client data from cyber threats, shortcomings that intensified the impact of a major data breach in 2023.

The Federal Trade Commission has delivered its second report to Congress outlining how the agency is using its enforcement, oversight, and education authorities to counter ransomware and other cyberattacks, according to a release issued February 6.

Swedish authorities have recently delivered a long-awaited attempt at clarity on how health data can be used, shared, and governed. A government assignment launched in June 2025 asked the Swedish eHealth Agency and the Swedish Data Protection Authority to do something healthcare actors have been asking for repeatedly i.e., explain how the law actually works in practice when it comes to health data. That work is now complete, with the authorities submitting their final report this week to the Ministry of Health and Welfare.

The Cybersecurity and Infrastructure Security Agency has ordered federal civilian agencies to take a hard look at the devices sitting at the edge of their networks, and to remove any that can no longer be supported, as part of a broader push to reduce exposure to cyberattacks.

Panera Bread has confirmed a cyber intrusion after customer contact data linked to more than 5 million people appeared online, marking the latest high-profile breach tied to the ShinyHunters extortion group and its growing focus on identity-based attacks.

UK regulators have launched parallel investigations into the Grok artificial intelligence system following reports that it has been used to generate non-consensual sexualized images and videos of real people, including children.